Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp8527427ybc; Fri, 29 Nov 2019 12:07:47 -0800 (PST) X-Google-Smtp-Source: APXvYqymw610Ca2WnqqCNuUg/nvvrzB6QjclTKouNgaqLTEiff+PU+yhkOYHkiuC6pRMPQ/NPgn9 X-Received: by 2002:a50:9e22:: with SMTP id z31mr22472722ede.258.1575058067366; Fri, 29 Nov 2019 12:07:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575058067; cv=none; d=google.com; s=arc-20160816; b=O7cGNqvjGT7sPXL1hlhep65knQJmePx0krMQ8kcfRQuALqZeqco8tIE3x+7qHdYILv HL0jTEmjjyEznxytVLWipicfqs1o1vIpi1QwZAo2l/hPKT5Qnkw4FXkVgtoxWWc5uu1C oQbL+YBSCuVQLEHQDnumuxVqACE339ojIlw7XDF8JxJoSIiTWCuYYhShmMumoqSpIlel GIk/VNHLnzbMbPyTesyTrEnEOG4p30O2gaTdR/M1tq1GDWCkvduZ8strXO743mxblBf4 THoYtjeFr8UfceCSkpl9h238DTfH/0cl21ob853Nu+cbx93Sq81dsUuzdl//mUTcNZJk cN6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=UZlkXy8RWiYr8mgQbWlbsIK8Er2RvKuHFu1z2ANJCuo=; b=Fhg5N1EOPP+jsPAMfzbl+5Jkz1k8gPrkxdLcTX4F1dI34cidNhivFmGp0H0O19r8BB 0jywuNbZK70KaiVDGhX4CpaDYKmp0mjQzjSCwJ0y5dKwClQcyHrAr5qDrNgcxja4xTDZ jv1ryUO7s4qNLhspfVbHWgN2hEp4DuRr7iahTB6GirReFiIC6nCFNtMOI3au88G7wRBl I5Uo2tJXMgSSKeXyLS2DcONjS1c8PTKdnqx/LzM4Yqxe/EDmnukgZq6bcOttWt6NTE25 /PDD2/XCM51ZR04rqlCPz5AYyljnGczaC+9xBWAsoJnKU2wGfgBifFpZtqEWodv3/4kW NAAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id oq19si1211149ejb.97.2019.11.29.12.07.23; Fri, 29 Nov 2019 12:07:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727142AbfK2UFa (ORCPT + 99 others); Fri, 29 Nov 2019 15:05:30 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:5738 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727040AbfK2UF3 (ORCPT ); Fri, 29 Nov 2019 15:05:29 -0500 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xATK23gC007032; Fri, 29 Nov 2019 15:05:20 -0500 Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com with ESMTP id 2wjym5bx1h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 Nov 2019 15:05:20 -0500 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id xATK5CCg004672; Fri, 29 Nov 2019 20:05:19 GMT Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by ppma03dal.us.ibm.com with ESMTP id 2wevd7pgmf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 Nov 2019 20:05:19 +0000 Received: from b01ledav003.gho.pok.ibm.com (b01ledav003.gho.pok.ibm.com [9.57.199.108]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xATK5Imu30671340 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 29 Nov 2019 20:05:18 GMT Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6CFF5B2066; Fri, 29 Nov 2019 20:05:18 +0000 (GMT) Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1CC21B2064; Fri, 29 Nov 2019 20:05:17 +0000 (GMT) Received: from jarvis.ext.hansenpartnership.com (unknown [9.85.134.245]) by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTP; Fri, 29 Nov 2019 20:05:16 +0000 (GMT) Message-ID: <1575057916.6220.7.camel@linux.ibm.com> Subject: Re: One question about trusted key of keyring in Linux kernel. From: James Bottomley To: "Zhao, Shirley" , Mimi Zohar , Jarkko Sakkinen , Jonathan Corbet Cc: "linux-integrity@vger.kernel.org" , "keyrings@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "'Mauro Carvalho Chehab'" , "Zhu, Bing" , "Chen, Luhai" Date: Fri, 29 Nov 2019 12:05:16 -0800 In-Reply-To: References: <1573659978.17949.83.camel@linux.ibm.com> <1574877977.3551.5.camel@linux.ibm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-11-29_07:2019-11-29,2019-11-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 mlxscore=0 mlxlogscore=999 spamscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 malwarescore=0 impostorscore=0 adultscore=0 clxscore=1011 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1911290174 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2019-11-29 at 01:40 +0000, Zhao, Shirley wrote: > Hi, James, > > Maybe the TPM command confused you. Well you did seem to be saying we had a problem in the TPM sealed key subsystem. > The question is I use keyctl command sealed a trusted key with PCR > policy, but load it failed after reboot. > I don't know why it was loaded failed. I use TPM command to help find > it, it report policy check failed. Right, so your question seems to be why after a reboot, the TPM policy no longer works to authorize the key even from user space? My best guess would be the PCR value you've sealed it to changed over the reboot for some reason. > So my question is how to load the PCR policy sealed trusted key > correctly? You have to set the sealing release policy to something you know will be invariant across reboots for an unseal to happen reliably. However, usually you also want the unseal to fail if something you don't like changes, so you set the policy to be something that's invariant unless that happens. Not really knowing what your conditions are we can't really tell you what your policy should look like. > How to use policydigest and policyhandle correctly. I've no real idea how the tpm2_ commands work, but the tsspolicy commands all have man pages which do a pretty good explanation. If I infer how your tpm2_ commands seem to be working, I think you're sealing to a pcr7 hash? pcr7 is the one that's supposed to measure the secure boot path and properties and as such shouldn't change across reboots, so I think your problem becomes finding out why it changed. James